Pakat Email Marketing
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a transparent Pakat API helper, but it can send emails and modify marketing data using your Pakat API key, so review actions before use.
Install/use this skill only if you intend your agent to manage Pakat email marketing resources. Keep the API key protected, prefer least-privilege credentials, and explicitly confirm any send, update, unsubscribe, or delete action before it is run.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or unintended command could create or schedule emails to subscribers.
The skill documents curl-based API calls that can create scheduled email campaigns. This is aligned with the stated email marketing purpose, but campaign sending can affect many recipients.
### Create and send a campaign
```bash
curl -s -X POST -H "X-API-KEY: $PAKAT_API_KEY" ... "https://new.pakat.net/api/campaigns"
```
Before allowing campaign or transactional email actions, verify recipients, list IDs, subject, sender, timing, and content.
Deleting lists, subscribers, campaigns, or templates could remove business data or disrupt marketing operations.
The API reference includes destructive operations for lists, subscribers, and campaigns. These are normal management functions for an email marketing API, but they should be user-confirmed.
| DELETE | /lists/{list_uid} | Delete list |
| DELETE | /lists/{list_uid}/subscribers/{subscriber_uid} | Delete subscriber |
| DELETE | /campaigns/{campaign_uid} | Delete campaign |

Use read-only/listing commands first, confirm object IDs, and require explicit user approval before delete or bulk-modification requests.
Anyone or any agent action using the API key may be able to view or change Pakat account resources allowed by that key.
The skill requires a Pakat API key to authenticate requests. This credential use is disclosed and purpose-aligned, but it grants delegated access to the user's Pakat account.
Require env var `PAKAT_API_KEY`. If not set, ask the user for their API key.
Use a least-privilege Pakat API key if available, keep it in the environment rather than chat when possible, and rotate it if exposed.
